Highly Impactful U.S. Federal Court Decision on Law Enforcement Access to Data Stored Abroad: Status, Next Steps, and Other Moving Pieces

On January 24th, the Court of Appeals for the Second Circuit declined the U.S. government’s request for an en banc rehearing of the Circuit’s landmark Microsoft vs. United States decision. This refusal to revisit its July 2016-issued decision affirmed that U.S. law enforcement cannot arbitrarily demand access to data stored overseas by American companies outside of established international legal processes.

ACT | The App Association has been deeply engaged on these important issues and in this case, we filed an amicus curiae brief in support of Microsoft’s position. We and our members strongly supported the Second Circuit’s historic decision in mid-2016, and we now applaud its refusal to revisit the decision.

Before this decision, companies storing data overseas faced the potential of having to comply with a U.S. warrant’s demand for data when such a disclosure would violate the laws of another country where the data is stored. Fortunately, the court’s decision in Microsoft vs. United States reinforces the U.S. commitment to the international rule of law, as well as a technology-neutral approach to lawful access (i.e., that documents and data stored in the cloud should be treated the same as documents stored in a filing cabinet).

The decision also underscores that the 1986 Electronic Communications Privacy Act (ECPA) is increasingly inapplicable to today’s dynamic mobile technology that is driven by the widespread adoption of cloud computing services. In fact, the 2nd Circuit agreed, stating in its July decision that “[i]t is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”

The App Association supports the clarity the Microsoft vs. United States decision (as well the January 24-issued refusal to rehear the case en banc) provides to our member companies and the customers they serve. It reassures that – under today’s law – our member companies can continue to meet the privacy expectations of their customers and international clients, allowing them to grow their businesses and create more jobs.

Importantly, this decision reinforces that the technology community cannot be required to disclose end user data outside of established legal norms. The concept of trust is absolutely essential to small business innovators who cannot grow their business or reach new markets if they cannot guarantee the confidence of their existing (and potential new) consumers.

App Association members may be asking: what’s next? Procedurally, with its en banc hearing request denied, the DOJ’s final option is to petition the U.S. Supreme Court for a writ of certiorari. Absent an extension being granted by the Supreme Court, this petition is due no later than April 24th. Members should be assured that the App Association will remain engaged in this important case at all stages. Separately, the App Association continues to lead in advocating for Congress to modernize relevant U.S. laws to address the reality of a more mobile and connected world.